Techdirt. Stories filed under "impersonation"
Easily digestible tech news...
https://www.techdirt.com/

DEA Impersonating Medical Board Investigators To Gain Access To Personal Health Records
Tim Cushing, Wed, 9 Sep 2015 08:17:39 PDT
https://www.techdirt.com/articles/20150907/17103232187/dea-impersonating-medical-board-investigators-to-gain-access-to-personal-health-records.shtml

Medical records have long been given an increased expectation of privacy, something that dates back to before the passage of HIPAA. (See also: Hippocratic Oath.) Consultations with doctors -- and the written records resulting from them -- have generally been treated as confidential, seeing as they contain potentially embarrassing/damaging information. Personal health information can be reported to law enforcement for many reasons: suspicion of criminal activity on the health entity's property, suspicion of criminal activity related to an off-site emergency, reporting a death, patients with stabbing/gunshot wounds, or in the case of a serious/immediate threat. Otherwise, HIPAA's rules for law enforcement say personal information can only be released under the following conditions:

To comply with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, or an administrative request from a law enforcement official (the administrative request must include a written statement that the information requested is relevant and material, specific and limited in scope, and de-identified information cannot be used).

“It’s not like there’s ten of them. There’s probably thousands — I know there are thousands,” Matt Barden, spokesman for the DEA, told the Daily Caller News Foundation about the DEA’s use of administrative subpoenas.

Early last year, a federal court in Oregon ruled the DEA could not access the state's prescription database without a warrant. Unfortunately, this was due to Oregon's state laws being more restrictive than federal law. A federal judge in Texas reached the opposite conclusion, finding that the DEA's use of administrative subpoenas complied with both HIPAA and state law. This decision is now headed for the Fifth Circuit Court of Appeals, where it is hoped a finding similar to the decision in Oregon will be the end result. But judging from the laws in place, that outcome is doubtful.

While the DEA's use of administrative subpoenas appears to comply with HIPAA's restrictions, its repeated attempts (many of them successful) to access medical records with no paperwork whatsoever seem less likely to stand up to legal scrutiny.

The Dallas-area doctors bringing the lawsuit against the DEA have uncovered plenty of DEA subterfuge. In their case, three DEA agents showed up at their offices with a state medical board investigator. Only the investigator identified herself. The agents remained silent, allowing the nurse to believe they, too, were with the state medical board.

The state medical board may have every right to view medical records without any accompanying paperwork, but that's because this information falls directly under its purview. The DEA, however, is looking to build criminal cases. This brings with it additional Fourth Amendment considerations and, at the very least, should bind it to the minimal restrictions of HIPAA. Apparently, issuing its own permission slips is still too much work and the delivered paperwork might accidentally restrict it to only certain medical records pertaining to certain people. By impersonating medical board members, agents have unrestricted access to whatever they ask for.

As Watchdog's Jon Cassidy points out, patients who'd like their privacy respected may want to seek their prescriptions and refills… elsewhere.

The DEA’s practice of avoiding warrant requirements has produced this absurdity: If you have a prescription for Adderall or OxyContin, you might be safer getting your drugs on the street than through your own doctor.

While the latter isn't strictly true in all cases, it's true enough to show how limited the protections of HIPAA actually are. The more disturbing aspect is that the DEA isn't even satisfied with near-instant access to a wealth of medical records provided by administrative subpoenas. It apparently only uses the correct paperwork as Plan B, preferring to mislead medical practitioners by allowing them to believe its agents are investigators working for the state medical board.

DOJ Pays $134,000 To Settle Case Of DEA Agents Impersonating A Woman On Facebook
Mike Masnick, Fri, 23 Jan 2015 12:40:00 PST
https://www.techdirt.com/articles/20150122/17532229786/doj-pays-134000-to-settle-case-dea-agents-impersonating-woman-facebook.shtml

impersonated a woman on Facebook, even posting photographs of her young children (which they had taken off of her phone), in order to try to track down drug dealers. The woman, Sondra Arquiett, had dated a guy who was convicted of drug dealing, and had herself been charged with letting her boyfriend store some drugs in her apartment, leading to a sentence of probation. DEA agent Timothy Sinnigen then took the photos off of her phone, set up a fake Facebook page pretending to be Arquiett and tried to "friend" people she knew, in trying to track down other drug dealers. Arquiett was totally unaware of this until a friend brought it up, leading her to sue the DEA.

A few days ago, the Justice Department agreed to settle the case, paying her $134,000 for her troubles. As with many settlements, this one includes the government insisting that the settlement is not an admission of any guilt for its actions -- though it also leaves open that Arquiett could seek to get some attorneys' fees as well. Both Facebook and Senator Leahy had criticized the government for this action, and the DOJ promised to review this kind of practice -- though that review is still "ongoing." Either way, in this case, the DOJ realized that it was best to just pay up rather than let the case go much further.

Even so, the statement from the feds is fairly ridiculous:

U.S. Attorney for the Northern District of New York, Richard Hartunian, who previously had defended the agent’s behavior in court filings, issued a statement Tuesday calling the settlement “a fair resolution.” He said it “demonstrates that the government is mindful of its obligation to ensure the rights of third parties are not infringed upon in the course of its efforts to bring those who commit federal crimes to justice.”

Sorry, but if the government is actually "mindful of its obligations to ensure the rights of third parties are not infringed upon," then, uh, it shouldn't have impersonated people in the first place. Hopefully this settlement means it will not do so again in the future.

FBI agents trying to track the source of e-mailed bomb threats against a Washington high school last month sent the suspect a secret surveillance program designed to surreptitiously monitor him and report back to a government server, according to an FBI affidavit obtained by Wired News...

The software was sent to the owner of an anonymous MySpace profile linked to bomb threats against Timberline High School near Seattle. The code led the FBI to 15-year-old Josh Glazebrook, a student at the school, who on Monday pleaded guilty to making bomb threats, identity theft and felony harassment.

The court documents didn't detail how the FBI managed to install the weaponized payload on Glazebrook's computer. The emails obtained by the EFF, however, expose the electronic paper trail.

The CIPAV (Computer and Internet Protocol Address Verifier) made its way to Glazebrook's system via a Myspace message sent by the FBI… which was impersonating the Seattle Times.

"The ends don't justify the means. I'm not saying that the FBI shouldn't be investigating people who threaten to bomb schools. But impersonating the media is a really dangerous line to cross."

The Seattle Times isn't too happy, either. Editor Kathy Best says the paper is now "seeking answers" from the FBI. Best's full statement on behalf of the Times is short, but deeply critical of the agency's actions.

We, like you, just learned of this and are seeking answers ourselves from the FBI and the U.S. Attorney’s office.

But we are outraged that the FBI misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect. Not only does that cross the line, it erases it.

Our reputation—and our ability to do our job as a government watchdog—is based on trust. And nothing is more fundamental to that trust than our independence from law enforcement, from government, from corporations and from all other special interests. The FBI’s actions, taken without our knowledge, traded on our reputation and put it at peril.

The FBI has already responded (somewhat) to Best's statement, deploying the usual deferrals to public safety and agency investigatory procedures.

“Every effort we made in this investigation had the goal of preventing a tragic event like what happened at Marysville and Seattle Pacific University. We identified a specific subject of an investigation and used a technique that we deemed would be effective in preventing a possible act of violence in a school setting. Use of that type of technique happens in very rare circumstances and only when there is sufficient reason to believe it could be successful in resolving a threat. We were fortunate that information provided by the public gave us the opportunity to step in to a potentially dangerous situation before it was too late.”

TL;DR: The public should be counting its blessings rather than examining our questionable methods.

Taken at face value, Special Agent Frank Montoya Jr. is basically saying that the FBI will abuse its power (and the reputations of others) whenever it determines such methods to be necessary to achieve its goals. Not really a comforting idea at all, and one that basically confirms Soghoian's suspicions: the ends will be used to justify the means, no matter how potentially damaging the means are.

Senator Leahy Slams DEA For Impersonating A Woman On Facebook
Mike Masnick, Wed, 22 Oct 2014 14:47:00 PDT
https://www.techdirt.com/articles/20141021/17383728896/senator-leahy-slams-dea-impersonating-woman-facebook.shtml

furious with the DEA for impersonating a woman, posting pictures from her phone, in an attempt to get evidence concerning a drug dealer. Senator Patrick Leahy has now sent an angry letter to the DOJ about this situation as well.

I am greatly concerned by recent reports that the Drug Enforcement Administration used the identity of an unsuspecting young woman to create a public Facebook profile to interact with suspected drug traffickers. This extraordinary tactic placed this woman and her family at risk, and I expect the Justice Department to reconsider the use of such techniques.

Senator Leahy didn't hold back in explaining just why this whole situation was "appalling."

Viewers of the fake profile, which was only removed from Facebook this month, could believe the woman was currently involved with illicit activities or was actively cooperating with a law enforcement investigation. The DEA agent's decision to post suggestive photographs of the woman as well as pictures of her young child and niece is appalling and placed them at even greater risk.

I understand that cooperating defendants often provide critical assistance to criminal investigations. However, the decision to cooperate and the nature of that cooperation is a decision to be made by the defendant and the defendant alone. Law enforcement agencies should not risk the safety of innocents or those who are serving their debt to society without their knowledge or consent. Although the Justice Department has indicated that this incident is under review, the U.S. Attorney's Office for the Northern District of New York has thus far defended the practice. I hope the Justice Department will agree that creating an online profile using an unsuspecting person's identity to communicate with criminals is unethical, potentially dangerous, and should not be condoned by our nation's law enforcement agencies.

However, remember, this is the very same DOJ which has argued in other cases that violating the terms of service of certain websites is a violation of the CFAA. But, of course, when the government itself does it, in much more appalling situations, they don't seem to think there's any problem.

Facebook To DEA: Hey, No Setting Up Fake Accounts
Mike Masnick, Mon, 20 Oct 2014 03:42:00 PDT
https://www.techdirt.com/articles/20141017/16105328863/facebook-to-dea-hey-no-setting-up-fake-accounts.shtml

set up a fake profile of a woman who was charged in a case related to drug dealing. The DEA argued that the woman's "consent" to using evidence from her seized cell phone in their investigation included allowing them to (without telling her) set up a Facebook profile in her name, post pictures of hers and other children (from the phone) and "friend" people that the woman knew in real life, in an effort to get more evidence in the drug case. After the story got attention, thanks to a Buzzfeed article, the DOJ said it will "review the practice" of creating such fake Facebook profiles (implying this isn't the only one).

Facebook itself has now stepped into the fracas, noting that the DEA's actions are a "knowing and serious breach" of the site's policies, and that those policies still apply to the government.

Most fundamentally, the DEA's actions threaten the integrity of our community. Facebook strives to maintain a safe, trusted environment where people can engage in authentic interactions with the people they know and meet in real life. Using Facebook to impersonate others abuses that trust and makes people feel less safe and secure when using our service. Indeed, as we have observed at Facebook, such deceptive actions are often used to further harmful conduct, such as trolling, hate speech, scams, bullying, and even domestic violence. This impact is markedly different from undercover investigations conducted in the "real" world.

It further asks that the DEA "immediately confirm that it has ceased all activities on Facebook that involve the impersonation of others or that violate our terms and policies." Of course, I wonder if it would even be possible for Facebook to figure out when the DEA sets up a fake profile, but it appears that this tactic by the DEA may not be usable going forward.

DEA Impersonated Woman, Set Up Fake Facebook Page, Posted Photos From Her Seized Phone To Make It Look Real
Mike Masnick, Tue, 7 Oct 2014 07:54:46 PDT
https://www.techdirt.com/articles/20141006/17572528748/dea-impersonated-woman-set-up-fake-facebook-page-posted-photos-her-seized-phone-to-make-it-look-real.shtml

impersonating a woman, creating a fake Facebook profile without her knowledge or permission, and posting photos from her seized cell phone, all in order to try to get information from others. The specifics involve a woman, Sondra "Sosa" Arquiett, who was apparently the girlfriend of Jermaine Branford, a guy who was accused of (and eventually pleaded guilty to) drug trafficking. Arquiett was a minor player, charged with basically allowing Branford to use her apartment for storing and processing the cocaine he was trafficking. Arquiett was eventually sentenced to probation.

Where this gets interesting, however, is that Arquiett has now filed a civil suit against the US and DEA agent Timothy Sinnigen, who allegedly set up the fake Facebook account. Arquiett claims she never had a Facebook account, and only found out about the fake DEA one when a friend mentioned something about photos she was posting -- photos that the DEA had from seizing her phone. The details are laid out clearly in the lawsuit. Arquiett was arrested in July of 2010. By August, Sinnigen had set up the fake Facebook profile using information and photos from her phone, without telling Arquiett at all. Arquiett notes that:

The photographs used by Sinnigen included revealing and/or suggestive photographs of Plaintiff, including photographs of the Plaintiff in her bra and panties. Sinnigen also posted photographs of Plaintiff's minor child and her minor niece to Facebook.

The DEA then allegedly used the fake profile to try to contact other acquaintances who may have been involved in drug trafficking. This went on for at least three months before she discovered it. Sinnigen apparently flat out admitted it when confronted about it. Arquiett notes that, beyond the basic invasion of privacy reasons to be concerned, the whole thing may have put her in danger:

... by posing as her on Facebook, Sinnigen had created the appearance that Plaintiff was willfully cooperating in his investigation of the narcotics trafficking ring, thereby placing her in danger.

In the DEA's response to the lawsuit, they admit to setting up the fake profile and contacting possible drug dealers, but insist this is all perfectly fine.

Defendants admit that Plaintiff did not give express permission for the use of photographs contained on her phone on an undercover Facebook page, but state the Plaintiff implicitly consented by granting access to the information stored in her cell phone and by consenting to the use of that information to aid in an ongoing criminal investigations.

It's one thing to say "use the information seized for investigations" and quite another to "fake my identity and pretend to be me." Furthermore, the response argues:

Plaintiff relinquished any expectation of privacy she may have had to the photographs contained on her cell phone.

Plaintiff consented to the search of her cell phone.

Plaintiff consented to use of information contained on her cell phone in ongoing criminal investigations.

Plaintiff cannot establish a violation of her substantive due process rights because she has not, and cannot, allege that Defendant Sinnigen’s alleged actions were taken with the absence of a legitimate governmental interest.

Again, consenting to the use of the information is very different from saying "hey, go impersonate me." But, again, this is the DEA we're talking about, and they have quite a bit of history of playing fast and loose with legal boundaries to try to go after folks. Buzzfeed quotes numerous legal experts saying it's a massive stretch to go from consenting to using the information in an investigation, to arguing that means it's okay to impersonate the individual and pretend they're engaged in ongoing conversations with potential drug dealers.

This effort also almost certainly violates Facebook's terms of service, though it's unclear how Facebook feels about law enforcement folks doing so. Either way, it's yet another example of very questionable investigative techniques used online by law enforcement, and the DEA in particular.

The Inevitable: Drunk Man Arrested For Impersonating Groping TSA Agent At Airport
Timothy Geigner, Thu, 17 Jul 2014 11:12:06 PDT
https://www.techdirt.com/articles/20140717/09101327916/inevitable-drunk-man-arrested-impersonating-groping-tsa-agent-airport.shtml

In all of the discussion of the TSA, their nudie scanners, and their insane groping as part of security theater, there tends to be a lot of hand-wringing over the slide of our civil liberties and the conditioning of citizens to accept these kinds of intrusions. The problem with making these kinds of slippery-slope and feature-creep arguments has always been how similar they are to insane conspiracy theories and they're typically met with as much derision by the general public. Sometimes, however, you get the unfortunate payoffs to these warnings.

A man suspected of being drunk posed as a security screener at San Francisco International Airport long enough to direct a couple of women into a private booth for pat downs before real security staffers caught on to him, authorities said Wednesday. The 53-year-old San Francisco man was arrested on suspicion of public drunkenness after creating a stir at the A-side security checkpoint of the International Terminal about 12:30 p.m. Tuesday, said Sgt. Wesley Matsuura of the San Mateo County Sheriff's Office.

Here's how insane this is: airport security has so conditioned people to having their privates tweaked that the women in this story likely still don't know that they were violated by someone posing as an agent, and all of this happened amidst the security apparatus the TSA has set up to begin with. It's like a double trump card. Security sucks to the point that two women were molested in their midst before anyone caught on, and it was only allowed to happen by the victims because they've been conditioned to expect exactly this sort of thing.

Look, sorry, but sometimes the damned slope is indeed slippery and sometimes we get to see the dangers of trading liberty for safety right in front of us. By all accounts, this molester's scheme wasn't even difficult to pull off.

Two other airport law enforcement sources tell us the incident started when the man entered the security area wearing khaki pants, a blue polo shirt and blue rubber gloves - an outfit that might have been mistaken for those worn by screeners with the private Covenant security firm. The man, apparently without saying much, steered a woman into one of the private screening booths used to pat down selected passengers, our sources say. What happened inside isn't known, because the woman soon disappeared to catch a flight.

A few minutes later, the man directed a second woman toward the booth, our sources say. This time, however, he caught the attention of real screeners, who figured something was wrong because male screeners are prohibited from taking women into the booth for a pat-down without a female screener also being present.

Only then was he detained and charged with...public drunkenness. And nothing else. Why? Well, because the women he violated got on their planes thinking he was an agent and made their way to their destinations. If that doesn't demonstrate the danger in all this, nothing will.

Mayor Ardis Defends Police Raid, Complains That Parody Twitter Account Used Up All The Free Speech
Tim Cushing, Thu, 24 Apr 2014 07:38:00 PDT
https://www.techdirt.com/articles/20140423/17345027010/mayor-ardis-defends-police-raid-complains-that-parody-twitter-account-used-up-all-free-speech.shtml

As we recently covered, Jim Ardis, the absurdly thin-skinned mayor of Peoria, IL, got the boys in blue to raid a house over a parody Twitter account that portrayed him as a.) a possible drug user, b.) a possible patron of the world's oldest profession and c.) "trill as fuck." Peoria's Finest have never been finer, deploying seven plainclothes officers to nail a dangerous tweeter whose Ardis-mocking account had been shut down by Twitter weeks before. Bonus: drugs were discovered during the raid, which meant the cops could at least declare victory over marijuana use, if not the internet itself.

"I still maintain my right to protect my identity is my right," Ardis said in an interview with the Journal Star before the council meeting.

"Are there no boundaries on what you can say, when you can say it, who you can say it to?" Ardis said. "You can’t say (those tweets) on behalf of me. That’s my problem. This guy took away my freedom of speech."

Presumably prior to this awesome show of force, the mayor had been forced to sit quietly with his hands folded on his desk. But now that he's stomped on someone else's First Amendment rights, he can finally freely speak.

A review of state law indicates the account holders of now-shutdown Twitter account, @peoriamayor, didn’t break the law because the actual crime alleged, “false personation of a public official,” has to be done in person, not over the Internet or other electronic media, said State’s Attorney Jerry Brady.

"At this time, no, because subsection (b) doesn’t include the use of electronic media," he said.

There are also questions as to whether the unrelated drug charge will stick because, well, it's completely unrelated. The warrant used to raid the house appears to be on legally shaky ground already, and its supposed purpose was to effect arrests and seize evidence related to a Twitter account, not root around until something better presented itself. But it could be weeks before that part is sorted out. The State's Attorney says it's not uncommon for search warrants and affidavits to take "several days to weeks" to arrive at his office. (Must send these via trans-Atlantic steamer, I guess...) One imagines documents related to this case will take longer than usual.

Meanwhile, the population of Peoria, along with the city council, is extremely angry that Ardis abused his position. A long, heated discussion of this incident included members decrying Ardis receiving preferential treatment from the Peoria PD, as well as generally lamenting how his actions have turned Peoria into a national laughingstock.

Ardis, however, seems unfazed. He still firmly believes he did nothing wrong. The problem here is everyone else, starting with the media.

"You’re the ones responsible for getting full information, but not to spin it in the way you want to spin it," Ardis said to a Journal Star reporter. "To make us look stupid."

"It’s your responsibility to put actual information out there and cover both sides. Not to opine. And that didn’t happen. Clearly, that didn’t happen."

Hey, Ardis. Only one person can make you look stupid, and he's that person up there claiming the First Amendment can't be evenly divided among several people. The actual information is out there. And it all adds up to Ardis not being able to take a joke, ordering cops to arrest people he doesn't find funny, and complaining about "suddenly" being universally reviled.

Police Raid Apartment, Seize Electronics Related To A Long-Suspended Twitter Account Parodying Town's Mayor
Tim Cushing, Mon, 21 Apr 2014 05:46:58 PDT
https://www.techdirt.com/articles/20140418/09431926959/police-raid-apartment-seize-electronics-related-to-long-suspended-twitter-account-parodying-towns-mayor.shtml

It doesn't matter how you look at this situation. This is an abuse of power. No matter how much benefit of the doubt you give the protagonists -- even if you cut the Peoria, IL police so much slack you're both falling over backwards (to borrow a Sparks lyric) -- this situation looks like the end result of an overly-close relationship between city politicians and local law enforcement. How else would you explain the following?

Illinois police seized computers and mobile phones while raiding a house whose owner was suspected of parodying the town mayor on Twitter.

In all, five people following the Tuesday evening raid were taken to the Peoria Police Department station for questioning, local media report.

The Twitter account, which had all of 50 followers, and had been already shut down by Twitter "weeks ago," became the flash point for a police raid that involved seven plainclothes officers and the detainment of five people - two of whom were cuffed at their place of employment.

If the mayor felt there was something wrong with this "impersonation," he had plenty of other options available that wouldn't have resulted in this egregious show of force. For one, he could have contacted Twitter and asked for the account to be suspended. (And, for all we know, he did. [UPDATE: see below.] The account hadn't been active for "weeks" by the time the raid took place.) Second, he could have pursued this through civil action (if he felt the account was defamatory, etc.). There was no reason to involve the police in this -- unless, of course, this was the sort of thing the Peoria Police enjoy doing.

Peoria is a town of 116,000 people. It has some problems with crime and also some problems with the police, which you can get a sense of if you follow my work or the work of Matt Buedel, the Journal Star crime reporter who broke several stories last year detailing misconduct within the police department, including an attempt to catch a city councilman in a prostitution sting. The Illinois Attorney General’s Office ruled that an internal report regarding some of those acts of alleged misconduct should be released, but the city and the police department refused. (That report was apparently “lost” by Settingsgaard, and somehow ended up in the hands of a panhandler who, coincidentally, I used to work at a gas station with and know to be a pretty serious drug addict.)

The prostitution sting involved 12 task force officers staking out a Red Roof Inn overnight in hopes of catching Dan Irving, a city council candidate, with a prostitute. This sting ran the day after a close primary election. (Irving went on to lose the general election.) The overnight stakeout was ultimately fruitless as Irving never arrived at the motel with or without a prostitute.

Evidence exists that the Peoria Police Department is willing to be politically motivated. These officers trashed rooms and grabbed every device with an internet connection (including some Xboxes), proclaiming they were linked to an "internet crime." Although no one's been charged yet (other than an unrelated marijuana possession charge -- hooray for the fortuitous results of a bogus police search), the chief of the Peoria Police has dug deep enough into Illinois law to find something to use against the person running the long-suspended, inside joke of an account.

Peoria Police Chief Steve Settingsgaard said the department was investigating misdemeanor charges of impersonating a public official, which carries a maximum one-year jail term and $2,500 fine. The chief, according to the Southern Illinoisan, said it "appears that someone went to great lengths to make it appear it was actually from the mayor."

Really? "Great lengths?" How many Twitter users would have believed the following was issued by the Mayor or his office?

Beyond that, the account bio was changed on March 10th to indicate the account was a parody. A couple of weeks later, it was suspended. Three weeks after that, Peoria police corral five people and their electronics in order to stop something that was already dead and never popular.

Now, news of this has spread nationwide, and as Justin Glawes points out, it has led to the generation of several more fake Peoria Mayor accounts. The colossally stupid effort has done little more than give the nation a reason to dig into the misdeeds of the Peoria Police and an indication of just how thin Mayor Ardis' skin is.

FLYING PIG: The NSA Is Running Man In The Middle Attacks Imitating Google's Servers
Mike Masnick | Tue, 10 Sep 2013 11:16:00 PDT
https://www.techdirt.com/articles/20130910/10470024468/flying-pig-nsa-is-running-man-middle-attacks-imitating-googles-servers.shtml
economic espionage, but with so many other important points in that story, it got a little buried. One of the key revelations was about a GCHQ program called "FLYING PIG" which is the first time I can recall it being clearly stated that the NSA or GCHQ has been running man-in-the-middle attacks on internet services like Google. This slide makes it quite clear that GCHQ or NSA impersonates Google servers:

There have been rumors of the NSA and others using those kinds of MITM attacks, but to have it confirmed that they're doing them against the likes of Google, Yahoo and Microsoft is a big deal -- and something I would imagine does not make any of those three companies particularly happy. As Ryan Gallagher notes in the Slate article linked above:

in some cases GCHQ and the NSA appear to have taken a more aggressive and controversial route—on at least one occasion bypassing the need to approach Google directly by performing a man-in-the-middle attack to impersonate Google security certificates. One document published by Fantastico, apparently taken from an NSA presentation that also contains some GCHQ slides, describes “how the attack was done” to apparently snoop on SSL traffic. The document illustrates with a diagram how one of the agencies appears to have hacked into a target’s Internet router and covertly redirected targeted Google traffic using a fake security certificate so it could intercept the information in unencrypted format.

Documents from GCHQ’s “network exploitation” unit show that it operates a program called “FLYING PIG” that was started up in response to an increasing use of SSL encryption by email providers like Yahoo, Google, and Hotmail. The FLYING PIG system appears to allow it to identify information related to use of the anonymity browser Tor (it has the option to query “Tor events”) and also allows spies to collect information about specific SSL encryption certificates.

While some may not be surprised by this, it's yet more confirmation as to how far the NSA is going and how the tech companies aren't always "willing participants" in the NSA's efforts here. Of course, the real question now is how the NSA is impersonating the security certificates to make these attacks work.

Did Stephen Colbert And President Bill Clinton Violate The CFAA?
Mike Masnick | Tue, 9 Apr 2013 11:01:40 PDT
https://www.techdirt.com/articles/20130409/08525322632/did-stephen-colbert-president-bill-clinton-violate-cfaa.shtml
The Colbert Report. As many people have noted, at the very end of the program, Colbert told Clinton that he had taken the liberty of signing him up for a Twitter account, since Clinton does not currently use Twitter (he joked that he was afraid no one would reply to his tweets). The Twitter account is @PrezBillyJeff, and Colbert sent Clinton's first tweet live while on the air. If you're in the US or the one or two other places that Hulu actually works, you can see the exchange below (if you're elsewhere, blame Viacom for being stupid):

Of course, as we've been discussing this week, the CFAA is an awful bill concerning hacking, and needs to be reformed. A big part of the problem is that it appears to criminalize what seems like everyday behavior, and the DOJ has interpreted the CFAA broadly. While not all courts agree, the DOJ has argued that merely disobeying a website's terms of service means that you've violated the CFAA by accessing content either without authorization or by exceeding authorization.

Impersonation: You may not impersonate others through the Twitter service in a manner that does or is intended to mislead, confuse, or deceive others

Now, you could argue that Colbert registering an account for Clinton without his permission does not reach that level, but are you confident that someone else doing the same thing less publicly wouldn't run into problems if their tweets pissed someone off? An account that many people believe actually belongs to Bill Clinton would be highly valuable. Indeed, just overnight the account has racked up tens of thousands of followers. In the meantime, it's not even entirely clear who actually controls the account. Colbert registered it and tweeted from it. Are any future tweets coming from Colbert or Clinton or someone else? It's not difficult to make an argument that the account is intended to confuse others. Furthermore, if Colbert is transferring the account over to Clinton, it means that Clinton never actually agreed to the terms of service in the first place. Would that mean he is then abusing the use of the service?

While they appear to now have been deleted, according to the Washington Post, after the inaugural post done live on the air, there were a series of other tweets in which it was not clear if it was Clinton or Colbert tweeting. One had "Clinton" refer to "Colbert" as his new "BFF" and the tweets used the hashtag "#notColbertpretendingtobeme." At the very least, there is clear confusion, and a regular person might assume that this is Bill Clinton tweeting. If it's actually Colbert, it could be seen as a CFAA violation.

Yes, this is a stretch -- no doubt about it. But that's part of the problem with the CFAA. It is so broadly worded that simple activities like these can be twisted into a violation should someone in power wish to do so.

Arizona Politician Parodied By Fake Twitter Accounts Pushes Bill To Make Online Impersonation A Felony
Mike Masnick | Wed, 6 Feb 2013 05:31:00 PST
https://www.techdirt.com/articles/20130205/08220021887/arizona-politician-parodied-fake-twitter-accounts-pushes-bill-to-make-online-impersonation-felony.shtml
would make it a class 5 felony to impersonate someone online "with the intent to harm, defraud, intimidate or threaten." That last part, obviously, limits the purely parodical accounts, but the definitions of those words could be quite broad, and the risk of an overly broad interpretation is quite real. Considering that class 5 felonies in Arizona come with a "presumptive sentence of a year and a half imprisonment," you would hope that the definitions here would be a lot clearer.

Of course, as the CMLP article notes, you have to wonder if Ugenti proposed this bill for personal reasons -- seeing as there are some parody Twitter accounts for her, specifically @RubbingUGently and @RepMUgenti. It seems that Rep. Ugenti got some attention for snapping at a bunch of students, who would be charged $2,000 more (regardless of their financial aid setup) to attend university in the state, "welcome to life," and for making a hacky masturbation joke during committee hearings. If you want, the quip is at 2:14:30, and involves another committee member asking how long the hearings are going to run, and saying that he has "a hot date" that he wants to get to, leading her to say: "No you don't. Stop it. Your right hand doesn't count." All clearly overheard on microphone.

Would those parody accounts be subject to this new law? CMLP suggests they would likely be protected under the First Amendment, but of course, it could involve a long and convoluted trial to prove that point. Just the threat of jail time could create serious chilling effects on parody speech. As for Rep. Ugenti being concerned about fake Twitter and Facebook profiles, perhaps she should take her own advice: "welcome to life."

Man Fined $400 For Impersonating A Moron
Mike Masnick | Wed, 14 Jul 2010 04:45:05 PDT
https://www.techdirt.com/articles/20100708/17590710138.shtml
fined $400 for telling the cops his name was Andrew Moron after he was caught drinking beer at a beach. What's illegal about that? Well, there's a ban on alcohol at the location, and the guy's name is actually Alan Henry, so the police charged him with "impersonation to avoid arrest." So, basically, he was charged with impersonating a moron. Of course, one might argue that it's not impersonation if it's true...

When Reporters Write A Story You Don't Like, Perhaps Don't Impersonate Them Asking For Sexual Encounters Or Nude Modeling Jobs
Mike Masnick | Thu, 3 Jun 2010 07:46:19 PDT
https://www.techdirt.com/articles/20100602/1534199663.shtml
amusing, if slightly disturbing, email exchange between a recent law school grad, Jesse Clark, seeking a paralegal position, and the lawyer who (almost) hired him, Rosaleen Clayton. You should read the whole thread. It starts out with Clayton almost offering Clark a job, but expressing some concerns about his work, and suggesting that perhaps they try a few freelance (paid) projects, and if the quality is good, she would offer full-time employment. Now, you may or may not think this is a reasonable offer, and I can certainly understand why some job seekers might not like it. But the response should be to gracefully move on, seeking full-time employment elsewhere. Instead, Clark responded by claiming he didn't understand why she wouldn't offer full time employment based on his writing samples and good grades.

Clayton, in response, gave a very honest assessment to Clark of her concerns. Some might consider her response a bit harsh, but it appears to just be honest constructive criticism -- which is actually quite useful. Clark responded defensively, and slightly threateningly (in saying he is going to call someone who works for Clayton and let them know that she wanted Clark to give a report on how she answered the phones) and the whole thing spirals completely out of control. We're not just talking about burning a few bridges here, but setting a whole town on fire. Clayton points out that Clark's response is probably not a good way to kick off a career in the tight-knit legal community, and Clark gets ever more insulting -- including the two statements that stand out:

What next? Do you want me to kiss your feet her Royal Highness?

It's amazing that the Ma Bar lets women practice law. Shouldn't you be home cleaning and raising children?

Wow. But, okay, even if you grant that the guy was having a bad day and pissed off about not getting the job, you would think that after all this he would recognize that perhaps it's best not to fly off the handle like that. Apparently not. After The Docket reported on this story, so did Kashmir Hill at AboveTheLaw -- and Clark, none too happy about either report, decided that he was going to respond in his own special way.

In response to the report on The Docket, Clark apparently changed a male modeling profile he had set up so that it was in the name of The Docket reporter, Noah Schaffer, saying that Schaffer was available for nude photo shoots (this post also notes that Clark apparently posted a Craigslist post "responding" to Clayton's help-wanted ad, but does not identify the nature of this post). As for Kashmir Hill, she discovered (after getting a barrage of phone calls on her mobile phone from unknown men) that someone (who she suggests was Clark) put up a "casual encounters" ad with her mobile phone number and photo on Craigslist, suggesting she wanted to get together for casual sex.

Both Hill and Schaffer seem to take this in an amazingly good-natured manner, though Hill points to recent case law of others posting such fake Craigslist ads being arrested and charged with various crimes. In Hill's discussion of this, she spoke with Schaffer who said that Clark:

"sent me a note threatening legal action, but then added that he'd take down the model site if I removed the blog item about him."